Web Trend Map 4 (Detail) / 20090914.10D.53865 / SML, originally uploaded by See-ming Lee 李思明 SML.
For years, the U.S. Agriculture Department has publicly listed the Social Security numbers of tens of thousands of people who received financial aid from two of its agencies. Even more troubling, the department was not aware that it was exposing this personal information until an Illinois farmer reported it.
According to The New York Times, the database is more than 20 years old and is used by federal and state agencies, researchers, journalists, and private citizens to track government spending. Thousands of copies of the database exist. Officials at the department and at the Census Bureau, which maintains the database where the personal information was listed, were apparently unaware that it contained Social Security numbers.
Doing a search for her name, the farmer found a site--FedSpending.org--with a searchable listing of federal government expenditures, containing data from the government database. She said she found almost 30,000 records that contained Social Security numbers--a treasure trove for thieves.
FedSpending.org is owned by the nonprofit group OMB Watch, which monitors the Office of Management and Budget (OMB). The group created the site last year to provide public access to government contracts and grants in a searchable database. Users can search by company or individual names to see who receives federal money.
Agriculture Department and Census Bureau officials quickly removed the numbers from the census website and began notifying those whose numbers had been available on the site. The department said 63,000 people could be at risk. OMB Watch removed the data from its website for 30 days to allow the government to fix the problem.
But privacy advocates said those actions may not be enough, and the improper disclosures may have violated the Federal Privacy Act, which restricts the release of personal information. OMB officials said disclosure of the numbers by the Agriculture Department does not violate the Privacy Act because the numbers were not displayed individually in the data, but as part of a larger number.
The disclosure of Social Security numbers in the census database is the latest in a string of data breaches at federal agencies in the past few years. Last year, hackers accessed an Agriculture Department database containing the names, Social Security numbers, and photos of current and former agency employees.
Over the past 10 months, federal agencies have reported dozens of incidents of exposing sensitive personal information on millions of people. The Department of Energy, the Navy, the Department of Veterans Affairs, the Social Security Administration and the Internal Revenue Service also suffered data breaches last year where personal information was lost or stolen.
The Census Bureau itself announced in March that it accidentally posted personal information--names, addresses, birth dates, family income ranges, and phone numbers--for about 302 American households on a public website where it was accessible for about five months.
Swartz, Nikki. "Breach may violate U.S. Privacy Act.(UP FRONT: News, Trends & Analysis)." Information Management Journal 41.4 (2007): 15. Computer Database. Web. 16 Sept. 2010.
Gale Document Number:A183550949